Per RFC, you should publish via HTTP or LDAP. You will run into problems
when an application will not be able to pull CRL using HTTPS.
But that shouldn't cause your problem below. You should check out the file
system and test the CRL directly with openssl tools, like:
openssl crl -in filename.crl -noout -text
-----------------------------------------------------------------
DAVID BLAINE, GCIA , CISSP
GDLS-C Lead Information Risk Manager (LIRM)
CSC
6000 E. 17 Mile Rd. Sterling Heights MI 48313
GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 |
dblai...@csc.com | www.csc.com
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.
Yildirim Zaynal <asil.j...@gmail.com>
01/19/2009 05:06 AM
Please respond to
"Users' Help and Suggestions" <openca-users@lists.sourceforge.net>
To
"Users' Help and Suggestions" <openca-users@lists.sourceforge.net>
cc
Subject
[Openca-Users] Browsers cannot reach the CRL?
CRL published site:
https://ecb-ca/pub/crl/cacrl.crl
Issue:
The browsers cannot seem to be able to reach the CRL. Using Internet
Explorer 6.x gives warning that the CRL is not accessable.
BUT When adding the CRL directly to the address bar and pressing enter
downloads the CRL as text format.
Opening the CRL file with crypto shell extensions in windows does not
report any errors, BUT
using Firefox 3.x there is no warning, but trying to import the CRL
directly to the firefox gives this error:
The application cannot import the Certificate Revocation List (CRL).
Error Importing CRL to local Database. Error Code:ffffe009
Please ask your system administrator for assistance.
Checking Error Code:ffffe009 it points out it is a format error, but
the CRLs have been created automatically by the openCA 0.9.2.5, and
also trying on other CA and creating the CRL with XCA gives same
errors in firefox. For Firefox i fixed it by using DER format, and
imports without issues.
SO to my main question:
Is this affected by the fact the the CRL is published on https?
Does anybody have the CRL published on https or is it http?
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
